Reinforce Your Aws Security Posture, At Multiple Levels

Often, we hear about publicly exposed AWS S3 buckets or security attacks, such as DDoS, brute-force, etc. Every problem in AWS, be it security, compliance, or bill spikes, was/is due to engineering problems. When it comes to AWS security, wrong Security Group (SG) configurations seems to top the charts.    

AWS security audits cannot be a fortnightly activity as generally practiced. It must be an everyday activity. As AWS practitioners, we all know this is effort intensive, especially with manual approach of using AWS console.

If you are an SMB or an enterprise, you will have hundreds of instances running in multiple SGs. Just imagine the amount of time invested just for DeSecOps activities to maintain the security posture.  

Moreover, maintaining security posture on AWS is not an one-man army fight. Security is everyone’s responsibility. It’s teamwork between a CISO or a CTO and his team of DevSecOps or DevOps engineers. Everyone needs to understand the security posture of their AWS accounts at multiple levels, from their respective job roles’ perspective, right from top level to granular level, to this end.

A Focused Visual Environment Offering Real-Time AWS Security Cues

In a dynamic AWS ecosystem, where several resources are provisioned, scaled up or scaled down on-demand, chances of overlooking misconfigurations are high. Because, rules defined under SGs are buried under KBs of code and visualizing traffic flow from logs of VPC flow log data is immensely challenging for a human mind.  

A single console offering visual cues to any security vulnerabilities, to everyone in the team, helps identify such vulnerabilities 100X faster!

Lets walk you through a couple of security audits a CXO or a DevSecOps engineer must perform. Watch how easy it is to perform on a visual console!

Case in Point #1

Checking for open TCP/UDP ports associated with relevant IP and security groups:

Unrestricted inbound/ingress access to TCP/UDP ports can invite malicious activity. The typical plan of action is to keep a check on instances’ SGs for inbound rules that allow unrestricted access (i.e. to any of these ports and restrict access to only those IP addresses that require it to implement the principle of least privilege.

On the AWS console, you need to hop between Network and Security section and then Security groups via EC2 or RDS dashboard. Check for the tabs shown below the tabulated list. This might take few minutes depending on the number of instances.

However, using TotalCloud, you can check the ingress and egress and check for SGs containing resources that allow data outside the Infrastructure at a glance.

Observe the video below:

This will take anywhere between 5 to 10 seconds, irrespective of the number of instances you are using.

Case in Point #2

Finding SSH open ports and ensuring they are used only for jump box/bastion hosts

Securing network security at the subnet level using a bastion host, NAT instances, or NAT Gateways helps in protecting data. An SG allowing bastion connectivity for existing private instances must only accept SSH or RDP inbound requests from bastion hosts across AZs.

Whereas, the inbound & outbound traffic must be restricted at the protocol level, where in the inbound rule base should accept SSH connections only from the specific IP addresses. The outbound connection should again be restricted to SSH or RDP access to the private instances of your AWS infrastructure.  

On the AWS console, you need to go to VPC console, scroll down to SGs and check for inbound and outbound data under each SG. This might take few minutes to hours depending on the number of instances.

However, using TotalCloud, you can check the ingress and egress and check for SGs containing resources that allow data outside the Infrastructure at a glance.

Observe the video below:

Conclusion: A Centralized Focus View with Visual Cues for Real-time DevSecOps

Change is the only constant. In a dynamic cloud setup, several teams engage. Having a centralized view of live data that acts as visual cues to vulnerabilities, helps identifying security issues in real-time. The ability to zoom in and zoom out at multiple levels, along with the capability to filter out traffic rules, helps everyone in the team to act and secure their infrastructure.

With immersive visualization of such data, anyone in the team can perform continuous security and understand security posture 100X faster and better compared to dashboards. TotalCloud’s Security View is exactly that! Do give it a try!

If you are looking to understand AWS Network stack at a glance, read this post.

Reinforce Your Aws Security Posture, At Multiple Levels

Smart Scheduling at your fingertips

Go from simple to smart, real-time AWS resource scheduling to save cost and increase team productivity.

Learn More
More Posts

You Might Also Like

AWS Tips & Tricks
How to Schedule RDS Instances with an AWS Lambda function?
Save your costs with scheduled operation of your database. Start and stop the RDS instances manually with python Lambda functions.
February 25, 2020
Introducing the TotalCloud Smart Scheduler
Announcing the launch of the TotalCloud Resource Scheduler! Take complete advantage of AWS's 'pay for what you consume' model by putting a power control for every AWS resource that you use.
January 14, 2020
AWS Use Case Files
Increase EBS Volume Size In Aws
Learn how a simple workflow can auto-remediate and increase the EBS volume size when disk utilization goes beyond 90%
December 2, 2019
AWS Use Case Files
Reporting Untagged Resources
Learn how simple workflow can be set up to generate a report of untagged resources. This enables you to save costs, monitor resources & improve performance
October 24, 2019
AWS Use Case Files
Aws EC2 Instance CPU Utilization Report
Learn how a single workflow can be used to generate a CPU Utilization Report for EC2 Instances and ensure you aren't over or under utilising them.
October 24, 2019
AWS Use Case Files
Reporting Security Groups - Tcp Port 22 (Ssh) Public Ip Access
Learn how to use a simple workflow to generate a report of Security Groups with unrestricted Port 22 access from Public IP
October 24, 2019